/**
 * 
 */
package cas.server.ldap.authe;

import org.apache.commons.lang.BooleanUtils;
import org.ldaptive.LdapEntry;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchRequest;
import org.ldaptive.auth.PooledSearchDnResolver;

/**
 * 如果账号过期或者锁定，返回dn为null
 * 
 * @author Cre.Gu
 *
 */
public class SoaSearchDnResolver extends PooledSearchDnResolver {

	@Override
	protected SearchRequest createSearchRequest(SearchFilter filter) {
		SearchRequest request = super.createSearchRequest(filter);
		request.setReturnAttributes(ReturnAttributes.ALL.value());
		return request;
	}

	@Override
	protected String resolveDn(LdapEntry entry) {
		// 判断zjtzsw-account属性
		// 过期或者锁定，返回null
		String expired = entry.getAttribute("expired") == null ? null : entry
				.getAttribute("expired").getStringValue();
		String disable = entry.getAttribute("disable") == null ? null : entry
				.getAttribute("disable").getStringValue();

		if (BooleanUtils.toBoolean(expired) || BooleanUtils.toBoolean(disable))
			return null;

		return super.resolveDn(entry);
	}

}
